Jump to content
MakeWebGames

script to prevent users to register or login using proxies


mrasiankix
 Share

Recommended Posts

Re: script to prevent users to register or login using proxies

Were you looking for a free script or a really good premium paid script?

Okay, now that my sales deal is out of the way.

Your only good option for blocking proxies is to maintain a database of proxies and simply match up the REMOTE_ADDR to the proxies in your database. I should say that that is the only direct option.

Of course proxies are changing all the time and you'd have to maintain that list of proxies which itself will likely have to be paid for.

Personally, I recommend two things:

Recording IP's when a user registers, logs in, and on every page load. At least you can see changes over time with that, and in combination with this is having a vigilant staff.

The second thing I recommend is using cookies to track users with in combination to IPs. It works as good as leading cattle to the slaughter.

Link to comment
Share on other sites

Re: script to prevent users to register or login using proxies

That's where my cookie sigs mod comes in. It only matches users, and never provides false results. Yeah, it can miss some folks, but when it finds a match, there's no denying it's a match since a cookie is set to the computer itself and not dependant on AOL or any proxy ;)

Link to comment
Share on other sites

Re: script to prevent users to register or login using proxies

 

That's where my cookie sigs mod comes in. It only matches users, and never provides false results. Yeah, it can miss some folks, but when it finds a match, there's no denying it's a match since a cookie is set to the computer itself and not dependant on AOL or any proxy ;)

Lots of people delete cookies so that won't work.

I have my firefox set to delete cookies everytime I close the browser.

Link to comment
Share on other sites

Re: script to prevent users to register or login using proxies

It works, ;)

Like I said, it's not 100%. It should be used in combination with IP recording and diligent staff work.

You'd be surprised how many folks I've caught with the cookie signatures... (so you can't tell me it hasn't worked, you can only say it's not 100%)

Link to comment
Share on other sites

Guest Anonymous

Re: script to prevent users to register or login using proxies

Yup, does work, nicely.

Personally I've been known to use a method similar to Floydians as a secondary, plus three other - and (almost) forget staff. The machine is far better at multi tracking than staff can be, however human intuition does come into it.

Link to comment
Share on other sites

Re: script to prevent users to register or login using proxies

 

It works, ;)

Like I said, it's not 100%. It should be used in combination with IP recording and diligent staff work.

You'd be surprised how many folks I've caught with the cookie signatures... (so you can't tell me it hasn't worked, you can only say it's not 100%)

I didn't say it won't work.

I'm saying someone who has decent knowledge online knows to delete their cookies.

Lots of adware and whatnot comes through there and its good to remove it.

Even if you do have to re-login every time you close a browser.

IP tracking is the way I plan on doing it and have developed a very good system(I think).

Human log watching is effective, but again flawed, humans can only do so much. =P

Link to comment
Share on other sites

Re: script to prevent users to register or login using proxies

lol You're saying you will only use IP's because there's flaws in other methods. And yet, there's flaws in IP tracking.

See the flaw in your logic?

Look at it this way, it's like having multiple filters. Some filters will only filter out one kind of thing, and another filter will filter out another thing. It's when you combine multiple filters, that you get the maximum chances of blocking the bad guys.

But by all means, go without it. It's not like it's hard to code up though...

Link to comment
Share on other sites

  • 3 months later...

Re: script to prevent users to register or login using proxies

We use a 3 tier approach and it's worked out very well thus far. Like everyone has said it still requires human intervention, nothing on a web based game is 100%...

IP

Cookies

Then check the following headers

HTTP_X_FORWARDED_FOR

HTTP_PROXY_CONNECTION

HTTP_VIA

Any of these answer up then it's a proxy and probably a good one (AOL etc) because they answered up as a proxy and let us know it's a proxy. If they don't answer up as a proxy (like most anonymous proxy services) we then go the RBL check (Realtime Block List). We subscribe to 2 moderate RBL servers. When it first went online I used strict servers and they were, well, VERY strict and blocked a lot more players then we thought they should.

If the RBL records a hit we either mark them in the logs or we just block the signup process right there. The choice is based on which game, some of our games we are less strict as they don't tend to attract problem players.

Once again not 100% but it's taken our multi check from an all day affair to less then an hour every couple days. So for us it's "good enough".

--------

Edit...

Also I have to note we do track a login history. So as someone aboved mentioned you can delete cookies, however, this is logged and scrubbed nightly. So if a player logs in and has cookie, then logs in later with no cookie this account is flagged to let us know they cookie is missing. Not always a bad thing but can sometimes alert you to a possible problem down the road.

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • 5 weeks later...

Re: script to prevent users to register or login using proxies

hmm, Surely there would be a way to stop a CGI-Proxy? Just check whats in the Address bar and if its not the site die an error? or does a CGI-Proxy work differently (Never even looked at a CGI script)

Link to comment
Share on other sites

Re: script to prevent users to register or login using proxies

Majority of the "good" proxy's. They fool your $_SERVER[] array. Meaningless by putting:

$_SERVER['REMOTE_ADDR']; it is basicly conecting to the proxy's IP.

$_SERVER['PHP_SELF']; Also being fooled by the proxy to what ever URL you are clicking.

$_SERVER['HTTP_HOST'] Normaly would be domain.com or www.domain.com Unfortunatly, we use a proxy we normaly get gproxy.net/rip?domain=hashed domain etc

$_SERVER['HTTP_HOST'] then again is being fooled to being "hashed domain" Of course before it send's it. It unhashes the domain. There for fooling every $_SERVER[] command.

Use a proxy. Go to a test page. And put this in your test page:

var_dump($_SERVER);

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...